Last updated: March 24, 2026

At Synthfy LLC, security is foundational to everything we do. We understand that our customers trust us with sensitive business communications and data. This page outlines the technical and organizational measures we implement to protect your information.

1. Our Commitment to Security

Synthfy is built with a security-first architecture. We employ industry-leading practices to ensure the confidentiality, integrity, and availability of your data at every level of our platform. Our security program is continuously reviewed and updated to address emerging threats.

2. Data Encryption

Encryption at Rest

All stored data, including call recordings, transcripts, customer information, and account data, is encrypted using AES-256. Database backups and archived data are also encrypted to the same standard.

Encryption in Transit

All data transmitted between your devices and our servers is protected using TLS 1.2 or higher. API communications, webhook deliveries, and integration data transfers are all encrypted in transit.

3. Access Controls

Synthfy implements strict access control measures including multi-factor authentication (MFA) for all user and administrator accounts, role-based access control (RBAC) to ensure users only access data relevant to their role, session management with automatic timeouts, and IP allowlisting for administrative access.

4. Infrastructure Security

Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 certified data centers, redundant systems and automatic failover capabilities, distributed denial-of-service (DDoS) protection, network segmentation and firewall management, and real-time intrusion detection and prevention systems.

5. Compliance

SOC 2 Type II

Synthfy maintains SOC 2 Type II compliance, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy. Our controls are independently audited on an annual basis.

HIPAA

For healthcare clients, Synthfy is HIPAA-ready and can execute Business Associate Agreements (BAAs). Our platform includes the technical safeguards required for handling Protected Health Information (PHI), including access controls, audit logging, and encryption.

6. Incident Response

Synthfy maintains a comprehensive incident response plan that includes 24/7 monitoring and alerting for security events, defined escalation procedures and response teams, notification protocols for affected customers within 48 hours, post-incident analysis and remediation procedures, and regular incident response drills and tabletop exercises.

7. Employee Security

All Synthfy employees undergo background checks prior to employment, complete security awareness training upon onboarding and annually thereafter, operate under the principle of least privilege access, and sign confidentiality and data protection agreements.

8. Vulnerability Management

We conduct regular vulnerability assessments and penetration testing, maintain a responsible disclosure program, apply security patches promptly following vendor release, and perform continuous automated scanning of our infrastructure and applications.

9. Data Retention and Disposal

Call recordings and transcripts are retained for a configurable period (default 90 days). Data deletion requests are fulfilled within 30 days. All data disposal follows secure deletion standards to prevent recovery.

10. Business Continuity

Synthfy maintains business continuity and disaster recovery plans that are tested regularly. Our infrastructure is designed for high availability with geographic redundancy to ensure service continuity in the event of a localized failure.

11. Contact Us

For security inquiries or to report a vulnerability, please contact us:

Synthfy LLC
Security Team: security@synthfy.us
General Support: hello@synthfy.us
Phone: (713) 766-9062